VIR Vulnerability Intelligence Relay

Package impact

ruby RubyGems / activesupport

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2013-0333 high 8.5 14y ago lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows re… debianruby
CVE-2023-22796 high 8.0 3y ago A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a sta… rockylinuxsusedebianruby
CVE-2013-1856 medium 5.8 13y ago The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is us… debianruby
CVE-2026-33170 medium 5.5 2mo ago Rails Active Support has a possible XSS vulnerability in SafeBuffer#% susedebianruby
CVE-2026-33176 medium 5.5 2mo ago Rails Active Support has a possible DoS vulnerability in its number helpers susedebianrubygcp
CVE-2026-33169 medium 5.5 2mo ago Rails Active Support has a possible ReDoS vulnerability in number_to_delimited susedebianruby
CVE-2015-3227 medium 5.0 11y ago The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service… susedebianruby
CVE-2011-2932 medium 4.3 9y ago Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow… debianruby
CVE-2011-2197 medium 4.3 9y ago The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it … debianruby
CVE-2015-3226 medium 4.3 11y ago Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web scri… debianruby
CVE-2012-3464 medium 4.3 14y ago Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re… debianruby
CVE-2012-1098 medium 4.3 14y ago Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors in… debianruby
CVE-2023-38037 unknown 3y ago ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's po… debianruby
CVE-2023-28120 unknown 3y ago There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. susedebianruby
CVE-2020-8165 unknown 6y ago A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore pote… susedebianruby
CVE-2009-3009 unknown 9y ago Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings… debianruby
CVE-2009-3086 unknown 9y ago A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allo… debianruby